In the directions to set up SAML authentication, one of the first steps is setting up the LDAP connection. Once this is done, WASP will import these users at startup.
The original setting for this is as follows:
##Ensure the ldap.import.user.search.filter line matches your LDAP 'user' designation.
ldap.import.user.search.filter.0=(objectClass=user)
The above will import ALL users in the LDAP directory.
Below is a sample that limits the import to a single LDAP group:
# added the below to restrict imported users to a single group
ldap.import.user.search.filter.0=(&(objectcategory=user)(memberof=CN=NimsoftUsers,CN=Users,DC=Nimsoft,DC=com))
Other valid LDAP queries can be used to limit the scope of user imports.
****NOTE**** If users are imported by mistake, they will have to be manually removed from the UMP control panel portal.
Procedure
The change to the user import is kept in the portal-ext.properties file.
The default location of this file is: <Nimsoft>\probes\service\wasp\webapps\ROOT\WEB-INF\classes
The lines that need to be changed are, from the default:
##Ensure the ldap.import.user.search.filter line matches your LDAP 'user' designation.
ldap.import.user.search.filter.0=(objectClass=user)
So the custom LDAP search string you need is:
# added the below to restrict imported users to a single group
ldap.import.user.search.filter.0=(&(objectcategory=user)(memberof=CN=NimsoftUsers,CN=Users,DC=Nimsoft,DC=com))
******NOTE****** If the LDAP search criteria are too large, you may end up with errors in the portal logs about being unable to import users, such as:
08 May 2015 14:19:29,030 ERROR [PortalLDAPImporterImpl:714] Unable to import user CN=Administrator,CN=Users: null:null:{samaccountname=sAMAccountName: Administrator} com.liferay.portal.ContactFirstNameException
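To preview which accounts a filter selects before WASP imports them at startup, the following added example (not part of the original article or the product) reads the ldap.import.user.search.filter.0 value from properties text and evaluates it against a few constructed, simplified directory entries. The account names, the Sales group and all function names are assumptions, and only &, |, ! with equality and presence matches are supported.

```python
KEY = "ldap.import.user.search.filter.0"
GROUP = "CN=NimsoftUsers,CN=Users,DC=Nimsoft,DC=com"
BASE = {"objectclass": ["user"], "objectcategory": ["user"]}
ENTRIES = [  # constructed, simplified entries, not taken from a real directory
    {**BASE, "samaccountname": ["alice"], "memberof": [GROUP]},
    {**BASE, "samaccountname": ["bob"], "memberof": ["CN=Sales,CN=Users,DC=Nimsoft,DC=com"]},
    {**BASE, "samaccountname": ["svc_backup"], "memberof": []},
]
DEFAULT = KEY + "=(objectClass=user)\n"
RESTRICTED = KEY + "=(&(objectcategory=user)(memberof=" + GROUP + "))\n"

def import_filter(text):
    """Active filter value; the last uncommented assignment wins, as in Java properties."""
    pairs = [line.split("=", 1) for line in text.splitlines() if "=" in line]
    return {k.strip(): v.strip() for k, v in pairs}[KEY]  # KeyError if the key is absent

def _parse(f, i):
    """Parse one parenthesised filter at f[i]: &, |, ! groups and attr=value (or attr=*) items."""
    if f[i] != "(":
        raise ValueError(f"expected '(' at offset {i}")
    if f[i + 1] in ("&", "|", "!"):
        op, i, kids = f[i + 1], i + 2, []
        while f[i] == "(":
            kid, i = _parse(f, i)
            kids.append(kid)
        if f[i] != ")" or not kids:
            raise ValueError(f"malformed '{op}' group at offset {i}")
        return (op, kids), i + 1
    end = f.index(")", i)  # raises ValueError when the closing ')' is missing
    attr, sep, value = f[i + 1:end].partition("=")
    if not sep or not attr:
        raise ValueError(f"expected attr=value at offset {i}")
    return ("=", attr.lower(), value.lower()), end + 1

def matches(node, entry):
    """Evaluate a parsed filter against one entry (case-insensitive comparison)."""
    if node[0] == "=":
        have = [v.lower() for v in entry.get(node[1], [])]
        return bool(have) if node[2] == "*" else node[2] in have
    results = [matches(kid, entry) for kid in node[1]]
    return not results[0] if node[0] == "!" else (all if node[0] == "&" else any)(results)

def imported(properties_text, entries=ENTRIES):
    """sAMAccountNames that the configured import filter selects from `entries`."""
    text = import_filter(properties_text)
    # The NUL sentinel makes an unbalanced filter fail with ValueError instead of IndexError.
    tree, end = _parse(text + "\0", 0)
    if end != len(text):
        raise ValueError("trailing text after filter: " + text)
    return [e["samaccountname"][0] for e in entries if matches(tree, e)]
```

With the sample entries, imported(DEFAULT) selects every account, service account included, while imported(RESTRICTED) selects only the member of NimsoftUsers.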